Singapore SME Compliance Requirements: Complete 2026 Regulatory Guide

When I started my first business in Singapore, I figured compliance was just filing taxes once a year and maybe renewing a licence. Nobody told me there were half a dozen regulatory frameworks running in parallel — each with its own deadlines, penalties, and expectations. I found out the hard way when I missed a CPF deadline by two days and got hit with interest charges. Not a huge amount, but a sharp wake-up call that this stuff is real.

TL;DR: Singapore SMEs must manage compliance across multiple frameworks simultaneously: PDPA data protection, Employment Act, WSHA workplace safety, ACRA corporate governance, CPF contributions, IRAS tax filing, and often industry-specific regulations. The penalties for getting it wrong are significant — up to S$1 million for PDPA breaches, S$500,000 for workplace safety violations. Total annual compliance costs for a basic SME setup: S$1,300 to S$5,800. PSG grants can cover up to 50%.

This guide consolidates every major compliance requirement into one reference so you're not piecing it together from ten different government websites.

1. PDPA — Personal Data Protection Act

The PDPA governs how your business collects, uses, and discloses personal data. It applies to every private sector organisation in Singapore, regardless of how small you are.

What You Must Do

• Appoint a Data Protection Officer (DPO)
• Develop and implement data protection policies
• Obtain consent before collecting personal data (with specific exceptions)
• Let individuals access and correct their data
• Protect personal data with reasonable security measures
• Limit data retention to what's necessary
• Restrict transfers of data outside Singapore
• Maintain a data breach notification process
• Comply with the Do Not Call Registry for marketing

What It Costs to Get Wrong

Fines up to S$1 million or 10% of annual turnover (whichever is higher) for larger organisations. See our detailed penalties guide.

Where to Start

Run through the PDPA Compliance Checklist to assess where you stand.

2. Employment Act

The Employment Act is Singapore's primary employment legislation. Since the 2019 amendments, it covers essentially all employees under a contract of service.

Key Obligations

• Salary: Pay within 7 days of salary period end
• Payslips: Itemised payslips for every payment
• Leave: Annual leave (7-14 days), sick leave (14+60 days), maternity (16 weeks), paternity (2 weeks)
• Working hours: Maximum 44 hours/week (or 48 with shorter day)
• Overtime: 1.5x rate for eligible employees
• Public holidays: 11 gazetted days per year
• Termination notice: Per contract or statutory minimums
• Key Employment Terms (KETs): Written KETs within 14 days of start date

Fines up to S$5,000 per offence. MOM actively investigates complaints.

3. Workplace Safety and Health Act (WSHA)

The WSHA requires every employer to ensure workplace safety as far as reasonably practicable. Yes, even offices.

Key Obligations

• Conduct risk assessments for all workplace activities
• Implement safety measures to eliminate or reduce risks
• Report workplace accidents and dangerous occurrences to MOM
• Provide safety training for employees
• Maintain workplace safety documentation
• Appoint a WSH Officer (for specified workplaces)

Fines up to S$500,000 and/or imprisonment up to 2 years.

4. ACRA — Corporate Governance

Every company registered with ACRA must maintain proper corporate governance. This is the stuff that seems tedious until you miss a deadline and your company gets flagged.

Key Obligations

• Annual return: File within 30 days of your AGM
• AGM: Hold within 6 months of financial year end
• Company secretary: Appoint within 6 months of incorporation; must be a Singapore resident
• Registered office: Maintain a registered address open during business hours
• Statutory registers: Directors, members, charges
• Change notifications: File changes (directors, address, shares) within 14 days

Late filing penalties start at S$300 and go up. Failure to hold an AGM can result in prosecution and fines up to S$5,000.

5. CPF — Central Provident Fund

If you employ Singapore Citizens or Permanent Residents, CPF contributions are mandatory. No exceptions, no grace period.

Key Obligations

• Employer contribution: 17% for employees aged 55 and below earning over S$750/month
• Employee contribution: 20%
• Deadline: By the 14th of the following month
• Foreign employees: No CPF required (but levy applies for WP holders)

Late payment incurs interest at 1.5% per month. Persistent defaulters face prosecution with fines up to S$5,000 and imprisonment.

6. Tax — IRAS

Corporate Tax

• ECI filing: Within 3 months of financial year end
• Annual return: Form C-S or Form C by 30 November (for Dec year-end)
• Rate: 17% (with partial exemption on first S$200,000)
• Records: Keep business records for at least 5 years

GST

• Registration: Mandatory if taxable turnover exceeds S$1 million
• Filing: Quarterly returns, due 1 month after quarter end
• Current rate: 9% (since 1 January 2024)

7. Industry-Specific Compliance

Depending on your sector, you may face additional requirements:

F&B: SFA food shop licence, NEA hygiene requirements, food safety courses. Healthcare: MOH licensing, Healthcare Services Act compliance. Financial Services: MAS licensing, AML obligations, Payment Services Act. Education: CPE registration, EduTrust certification. Construction: BCA licensing, enhanced WSHA requirements.

Compliance Calendar: Key Annual Deadlines

Monthly: CPF by the 14th. Payslips within 3 days of salary payment.

Quarterly: GST returns (if registered) due 1 month after quarter end.

Annually: ACRA annual return within 30 days of AGM. AGM within 6 months of FYE. IRAS ECI within 3 months of FYE. IRAS tax return by 30 November. PDPA annual review (recommended). Risk assessment review.

Managing Compliance Without a Legal Department

Most SMEs don't have in-house legal or compliance teams. Here's what works in practice:

Use Compliance Software

Tools like ComplyHQ automate PDPA compliance — gap assessments, policy generation, data inventory management, and monitoring. For employment law and WSHA, HR software with built-in compliance features helps.

Use Government Resources

Singapore's government provides extensive free resources. The PDPC offers a compliance toolkit and data protection notice generator. MOM publishes employment practices guidelines. ACRA runs BizFile+ for online filing. Enterprise Singapore offers the PSG Grant for compliance software (up to 50% subsidy).

Set Up a Compliance Calendar

Calendar reminders for every statutory deadline. Missing CPF by one day triggers penalties. Late ACRA filings accumulate fines. A shared calendar with reminders at 4 weeks, 2 weeks, and 3 days before each deadline prevents costly oversights.

Get Professional Help Where It Matters

• Company secretary (required by law): handles ACRA filings
• Accountant: tax filing and GST compliance
• PDPA compliance: DIY with tools like ComplyHQ, or engage a consultant for complex situations

For most SMEs, total annual compliance costs: S$1,300 to S$5,800. Far less than any single fine for non-compliance.

How ComplyHQ Fits In

ComplyHQ handles the PDPA piece of your regulatory obligations:

• AI-powered gap assessment across all 10 PDPA obligations
• Policy generator for privacy policies, data protection policies, and breach response plans
• Data inventory builder mapping data flows across systems and vendors
• Ongoing monitoring with alerts for regulatory changes
• PSG Grant eligible — up to 50% subsidy for qualifying SMEs

Start with a free assessment. Takes 15 minutes, gives you a clear compliance score with actionable next steps.

Related Resources

• PDPA Compliance Checklist for Singapore SMEs — Detailed PDPA checklist
• Employment Act Singapore 2026: Complete Guide for Employers — Employment law guide
• Workplace Safety and Health Act Guide — WSHA compliance
• PSG Grant for Singapore SMEs — Government funding for compliance tools
• 10 PDPA Obligations Every Singapore Business Must Follow — Detailed obligation breakdown
• MAS Compliance for Singapore SMEs — Financial regulation guide
• Best PDPA Compliance Software for Singapore SMEs (2026) — Software comparison

Sources

1. PDPC — Personal Data Protection Commission
2. Personal Data Protection Act 2012
3. CSA — Cyber Security Agency of Singapore

Looking for more? Check out Adaptels.